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DETAILED ACTION 

1. Claims 1, 3-5, 8-26, and 29-41 are pending. 

2. A request for continued examination under 37 CFR 1.114, 
including the fee set forth in 37 CFR 1.17(e), was filed in this 
application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the 
fee set forth in 37 CFR 1.17(e) has been timely paid, the 
finality of the previous Office action has been withdrawn 
pursuant to 37 CFR 1.114. Applicant's submission filed on 
02/23/2007 has been entered. . . 



Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which 
forms the basis for all obviousness rejections set forth in this 
Office action: 

(a) A patent may not be obtained though the invention is not 
identically disclosed or described as set forth in section 102 of this 
title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the 
invention was made. 

3. Claims 1, 3-5, 8-22, 24-26, and 29-41 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Vogelesang, U.S. Patent 
No. 5,953,424, in view of Menezes (Menezes, Alfred J. Handbook 



of Applied Cryptography. CRC Press. 1997. pages 234-237) and 
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further in view of (Simple Network Authenticating Key 
Exchange) (hereinafter Snake) . ' 

. As per claims 1, 20, 21, 22, 24, and 38-40, Vogelesang 
discloses a cryptographic method comprising: generating, at a 
first entity, a first public key M B , the first public key M B 
being session specific (Vogelesang: Col 16, lines 33-35); 
receiving, at a first entity, a second public key M A , the second 
public key M A being session specific (Vogelesang: Col 16, lines 
36-38); generating, at the first entity, a first session key K B 
and a first secret S B . the first session key K B being different 
from the first secret S B , both the first session key K B and the 
first secret S B being computed from the second public key M A 

(Vogelesang: Col 16, lines 39-67); encrypting, at the first 
entity, a first random nonce N B with the first session key K B or 
the first secret S B to obtain a first encrypted result 

(Vogelesang: Col 16, lines 43-67); transmitting the encrypted 
random nonce from the first entity to the second entity 

(Vogelesang: Col 16, lines 64-67); receiving a response to the 
encrypted random nonce (Vogelesang: Col 17, lines 19-24); 
authenticating • through determining whether the response includes 
a correct modification of the first random nonce N B (Vogelesang: 
Col 17, lines 28-30) . ' • 
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Vogelesang teaches that a first random nonce may be 
encrypted at the first entity with a session key to obtain a 
first encrypted result (e.g. Col 16, lines 64-67). Vogelesang 
also teaches a number of secrets that are generated using the 
second public key (e.g. T,'Y D , and other values which qualify as 
a "secret" under MPEP 2111) . However, Vogelesang does not 
appear to suggest that the first encrypted result may be double 
encrypted . 

Menezes teaches that encipherment of a message more than 
once "may increase security" (Menezes: page 234). Further, 
illustrates the process whereby a message may be encrypted once 
with a first key and a second time with another key (Menezes: 
page 234, part (a)). Combining the ideas of Menezes with 
Vogelesang facilitates a system in which a message may be 
encrypted once with a first key (e.g. session key) (part d) and 
a second time with another key (e.g. secret). It would have 
been obvious to one of ordinary skill in the art at the time the 
invention was filed to combine the ideas of Menezes with those 
of Vogelesang because doing so may increase security. 

The modified Vogelesang and Menezes system fails to 
disclose the specific generation of the first secret. 

However, Snake teaches generating a secret based on a 
function of a password, and two public values (see page 1) . 
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At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to use the secret 
generating method of Snake using the public keys of the modified 
Vogelesang and Menezes system as the public values. 

Motivation to do so would have been to provide mutual 
authentication (see page 2). 

As per claims 3 and 4, the modified Vogelesang, Menezes, 
and Snake system discloses checking whether a received 
modification of the first random nonce N B equals a modification 
of the first random nonce N B applied by the first entity 
(Vogelesang: Col 17, lines 25-37). 

As per claim 5, the modified Vogelesang, Menezes, and Snake 
system discloses generating a first random number R B (Vogelesang: 
Col 16, lines 39-40) ; computing the first session key K B from the 
second public key M A raised to the exponential power of the first 
random number R B , modulo a parameter B B (Vogelesang: Col 16, 
lines 39-42) . 

As per claims 8-10 and 29-31, the modified Vogelesang, 
Menezes, and Snake system discloses the combining function is a 
hash function (see Snake page 1). 

. As per claims 11 and 32, the modified Vogelesang, Menezes, 
and Snake system discloses combining the values to arrive at a 



Application/Control Number: 09/918,602 Page 6 

Art Unit: 2137 

first and second result (see Snake page 1 message 3 and 4 where 
the key is calculated on each side) 

As per claims 12 and 13, the modified Vogelesang, Menezes, 
and Snake system discloses wherein the first random nonce is 
encrypted using a symmetrical encryption algorithm (Vogelesang: 
Col 16, lines 64-67) . 

As per claims 17-19, the modified Vogelesang, Menezes, and 
Snake system discloses extracting the second random nonce N A from 
the response (Vogelesang: Col 16, line 39 to Col 17, line 28); 
modifying the second random nonce N A to obtain a modified second 
random nonce (Vogelesang: Col 16, line 39 to Col 17, line 28); 
encrypting the modified second random nonce using the first 
session key K B and the first secret S B to obtain an encrypted 
package (Vogelesang: Col 16, line 39 to Col 17, line 28); 
transmitting the encrypted package from the first entity 
(Vogelesang: Col 16, line 39 to Col 17, line 28) . 

As per claim 26, the modified Vogelesang, Menezes, and 
Snake system discloses generating a first random number R B 
(Vogelesang: Col 16, lines 39-40); computing the first session 
key K B from the second public key M A raised to the exponential 
power of the first random number R B , modulo a parameter B B 
(Vogelesang: Col 16, lines 39-42) . 
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As per claims 34-37, the modified Vogelesang, Menezes, and 
Snake system discloses generating a first random number N B 
(Vogelesang: Col 16, line 33 to Col 17, line 27); encrypting a 
combination of the first random number N B and the modified second 
random number (Vogelesang: Col 16, line 33 to Col 27, line 27) . 

As per claims 14-16, 25, and 33, the modified Vogelesang, 
Menezes, and Snake system discloses wherein encrypting the first 
random nonce N B includes superencrypting the first random nonce 
N B (Menezes: pages 234-237). 

As per claim 41, the modified Vogelesang, Menezes, and 
Snake system discloses wherein the network is a network 
operating according to a hypertext transfer protocol and the 
first public key M B is transmitted for session key exchange 
before the encrypted second random number is received 
(Vogelesang: Col 1, lines 12-14; Col 16, lines 25-67) . 

4. Claim 23 is rejected under 35 U.S.C. 103(a) as being 
unpatentable over Vogelesang in view of Menezes and further in 
view of Snake. 

As per claim 23, discloses a network operating according to 
a hypertext transfer protocol and the first public key M B is 
transmitted with the encrypted random nonce for session key 
exchange. 
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The modified Vogelesang, Menezes, and Snake system does not 
disclose transmitting the first public key M B with the encrypted 
random nonce. Applicant's failure to argue the previous 
official notice of the subject matter of claim 23 is taken as 
acquiescence that the subject matter of claim 23 is obvious (See 
MPEP 2144.03). It would have been obvious to one of ordinary 
skill in the art at the time the invention was filed to transmit 
a key with a nonce because doing so is more efficient than 
having to make two separation transmissions for the key and the 
nonce . 

Response to Arguments 

5. Applicant's arguments with respect to claims 1, 3-5, 8-26, 
and 29-41 have been considered but are moot in view of the new 
ground(s) of rejection. 

Conclusion 

6. The prior art made of record and not relied upon is 
considered pertinent to applicant's disclosure. Field et al. 
discloses a method of using a public key and password to 
generate a key. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Michael 
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Pyzocha whose telephone number is (571) 272-3875. The examiner 
can normally be reached on 7:00am - 4:30pm first Fridays of the 
bi-week off. 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Emmanuel Moise can be 
reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval 
(PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free) . 
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SUPERVISORY PATENT EXAMINER 




